My Anti Spyware

How to make Internet Explorer more secure

Follow these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

• Next press the Apply button and then the OK to exit the Internet Properties page.

Read more:
How to use “Internet Zone Settings”
How to disable Active Scripting support
How to drop rights for safe surf

Don’t be a victim or how to make better choices

There are some current tools out there which may help users make better choices (or block their bad choices). I’m just going to talk about browser toolbars. For the user class of not completely hopeless up to expert I really recommend McAfee’s SiteAdvisor. This toolbar works with Firefox and IE and will provide more prominent and granular indicators that a site is dubious (or downright malicious). Users will need to keep an eye on their browser corner (which may require education) or optionally glance at the pretty red, yellow, green icons next to their google search results (RED means BAD)

SiteAdvisor

Also for those looking at getting involved in the community sign up to be a reviewer. Help SiteAdvisor catch and correctly flag all those bad sites that try oh so hard to look legit.

Netcraft Toolbar

So back to phishing. Netcraft has a really nice toolbar which can provide visual clues (YMMV) as well as speed bumps to doing something unsafe. It can actually block access to a site pending user verification (ok so we all know most users click OK on anything that pops up to get it out of the way)

NoScript

Extra protection for your Firefox: NoScript allows JavaScript, Java and other executable content only for trusted domains of your choice, e.g. your home-banking web site.
This whitelist based preemptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality…
Experts do agree: Firefox is really safer with NoScript ;-)Works with: Firefox 1.0 - 3.0a1, Mozilla 1.7 - 1.8

SpoofStick

A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won’t notice the incorrect URL and give away important information. This practice is sometimes known as “phishing”. SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information.

Sandboxie

You may want to run your Web browser inside the sandbox most of the time. This way any incoming, unsolicited software (spyware, malware and the like) that you download, is trapped in the sandbox. Changes made to your list of Favorites or Bookmarks, hijacking of your preferred start page, new and unwanted icons on your desktop — all these, and more, are trapped in and bound to the sandbox. You could also try a new toolbar add-on, browser extension or just about any kind of software. If you don’t like it, you throw away the sandbox, and start again with a fresh sandbox. On the other hand, if you do like the new piece of software, you can re-install it outside the sandbox so it becomes a permanent part of your system.

Sandboxie intercepts changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox.
Sandboxie traps cached browser items into the sandbox as a by-product of normal operation, so when you throw away the sandbox, all the history records and other side-effects of your browsing disappear as well.

Expect this warning and popup trend to continue. Google is taking steps to prevent accidental wrong exits (see http://www.stopbadware.org/ for details on this initiative)

The next versions of IE and Firefox should have some of these protections built in. None of these will remove the need for user education (good luck explaining hostnames and mouse-overs to grandma). The criminals will figure out ways to circumvent these technologies and users will continue to ignore all the annoying popup warning windows and glaring red warning symbols. Its just human nature. If only it were as simple as just telling people to “only surf trusted sites”. Right. uh huh.

Microsoft Internet Explorer does not honor ActiveX kill bit

A specially crafted HTML document can cause Internet Explorer to skip the kill bit check. This means that any ActiveX control that has been disabled solely through use of the kill bit may still be used by Internet Explorer.

A kill bit is a registry setting that prevents Internet Explorer from running the corresponding ActiveX control even if the control is installed on the system. It is not uncommon to proactively set kill bits for known malicious ActiveX controls as part of a spyware-prevention effort. For example, the SpywareGuide website provides a freely downloadable .REG file for setting kill bits of many “dubious” ActiveX controls.

How to protect:
Apply an update

Install the 905915 update (MS05-054) or a more recent Internet Explorer cumulative security update.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. Instructions for disabling ActiveX in the Internet Zone can be found in the document Securing Your Web Browser and the Malicious Web Scripts FAQ.

Note that disabling ActiveX controls in the Internet Zone will reduce the functionality of some web sites.

Use a different web browser

There are a number of significant vulnerabilities in technologies involving the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).

Netscape 8.1 adds spyware scanner, bundles

AOL HAS released version 8.1 of the Netscape browser. In case you were expecting something revolutionary, or that the company listened to the users’ pleas to bring back the e-mail client or to extend Netscape 8 to other operating systems, Netscape 8.1 offers no very good news for you: it’s still Windows-only, and it’s still as U.S.-centric (if not more) than 8.0.

Find the program’s release notes here.

Let’s start with the good:

* Most stability problems appear to be ironed out by now.
* The applications starts very quickly. At least on my test system, a 2.4Ghz P4 with 512MB running WinXP SP2.
* There’s a new spyware scanner. Described here.
* Multiple user profiles are back - I remember those from Netscape 4.0 back in 1996. Ten years ago.
* The user is offered to download and auto install a copy of McAfee antivirus. In case you’ve been living outside this Planet and don’t know by now that running Windows without an antivirus is suicidal.

Read more…

Block lists have been updated

* IE-SPYAD (original)
* IE-SPYAD2
* IE-SPYAD for ZonedOut
* AGNIS (for AtGuard/NIS/NPF)
* AGNIS for Outpost
* AGNIS for AdShield
* AGNIS Sites List

You can download all of these new versions at:

https://netfiles.uiuc.edu/ehowes/www/resource.htm
You can download all of these new versions at:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

Included with the original version of IE-SPYAD/IE-SPYAD2 is an uninstaller (IE-ADS-UNINST.REG) for the *previous* and *current* versions of IE-SPYAD. IE-SPYAD/IE-SPYAD2 also includes a batch file installation utility (INSTALL.BAT) that can be used to install and uninstall IE-SPYAD.

To use the IE-SPYAD for ZonedOut version of the Restricted sites list, you must download the free ZonedOut utility from FunkyToad:

http://www.funkytoad.com/zonedout.htm

The original AGNIS block lists are compatible with AtGuard 3.x and ALL versions of Norton Internet Security as well as Norton Personal Firewall 2003 and 2004. There are separate versions of AGNIS for users of Agnitum Outpost and AdShield.

If you’re running NIS 2002 Pro, NIS 2003, NIS 2003 Pro, NIS 2004, NIS 2004 Pro, NIS 2005, NIS 2006, NPF 2003, NPF 2004, NPF 2005, or NPF 2006 you CAN use the AGNIS block lists, however, you must use the ProWAGoN block list utility written by Christian Haagensen to load, remove, and backup ad block lists from NIS. Do NOT attempt to install AGNIS block lists in any of these versions of NIS or NPF by manually merging .REG files or using the AGNIS.BAT batch file utility included with AGNIS. Use the ProWAGoN utility instead. You can download ProWAGoN here:

https://netfiles.uiuc.edu/ehowes/www/resource.htm#prowagon

A summary of what’s new, updated, and changed in IE-SPYAD and AGNIS can be found here:

https://netfiles.uiuc.edu/ehowes/www/res/list-changes.txt

If you have any questions or comments about IE-SPYAD, AGNIS, AGNIS for Outpost, or AGNIS for AdShield, please don’t hesitate to let me know.

Read how to use block list here and here

The Adblock project

Adblock is a content filtering plug-in for the Mozilla and Firebird browsers. It is both more robust and more precise than the built-in image blocker.
Adblock allows the user to specify filters, which remove unwanted content based on the source-address. If this sounds complicated, don’t worry: it’s not.
Just add a few filters. Every time a webpage loads, Adblock will intercept and disable the elements matching your filters. See?- nothing to it.
Great! …but how do I add filters?
After you install / restart, an Adblock-item will be present in the tools-menu. This will launch Adblock’s prefs.
A selected filter can be edited by double-clicking or pressing ‘enter’. To remove it, press ‘delete’. New filters can also be added here or directly in the web-page: just right-click an ad and choose the Adblock option. For plugins, an Adblock-tab will appear atop or below the media: just click the “Adblock” text.
[Note: if you encounter a plugin, but don’t see the Adblock-tab, don’t worry — the plugin is just cropped. Adblock has this covered. Choose “Overlay Flash” from the tools-menu, or type its shortcut. Now, you can directly click the overlay.]
Adblock supports two types of filters: simple, and Regular Expression.
A simple-filter is just a string of text with one or more wildcards (*). Regular expressions are much more complex, allowing precise control over filtering. In Adblock, as in all javascript, regular expressions must begin and end with the forward-slash: ‘/’.

More info about AdBlock here.

Vulnerability in the Internet Explorer

Week ago the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. Microsoft is investigating this report of a vulnerability in Microsoft Internet Explorer on Microsoft Windows 98, on Windows 98 Second Edition, on Windows Millennium Edition, on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Microsoft have also been made aware of proof of concept code and malicious software targeting the reported vulnerability.
You can visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove this malicious software and future variants.

Lock down your browser

One of the most prevalent means for spyware and adware to be installed is through Internet Explorer. To prevent spyware and adware from installing without your knowledge and permission, you need to “lock down” Internet Explorer. There are several ways to do this.

Securely configure the Internet zone

First, you can securely configure the Internet zone of Internet Explorer and add sites that you trust to the Trusted sites zone. This means that by default web sites will not be able to use “active content” (i.e., ActiveX controls, Java applets, and scripting) until you explicitly choose to trust those web sites.

Internet zone Security Settings

See this page for instructions on how to securely configure Internet Explorer:

Internet Explorer Privacy & Security Settings

By turns, you could also use this free program, which will automatically configure Internet Explorer for you:

Enough is Enough!

One potential downside to securely configuring the Internet zone is that some web sites will not work properly until you add them to the Trusted sites zone — a process that some users find cumbersome.

Add bad sites to the Restricted sites zone

Second, you can use another approach to “locking down” Internet Explorer which avoids the hassle of broken web sites by adding known “nasty” sites to the Restricted sites zone.

Doing so gives your PC protection against known threats while still allowing most web sites to work by default.

To put the clamp down on a long list of undesirable web sites, you can install and use this free Restricted sites list:

IE-SPYAD

IE-SPYAD is simple to use and won’t slow down your system because it doesn’t run in the background — it simply configures Internet Explorer more securely.
If you choose to use the Restricted sites approach of IE-SPYAD, be sure to update your copy of IE-SPYAD regularly, as new web sites are constantly being added to the list.

IE-SPYAD: Restricted Sites List for Internet Explorer

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Please note that IE-SPYAD is not an ad blocker. It will not block standard banner ads in Internet Explorer. What this Restricted sites list of known advertisers and crapware pushers will do, however, is:
# stop unwanted crapware from being installed behind your
back via “drive-by-downloads”;

# prevent the hijacking of your home page and other key
Internet Explorer settings;

# shut down ActiveX, Java, and scripting, all of which can
be employed to push obnoxious advertising on you and
compromise your privacy and security;

# block cookies, which can be used to monitor and track your
travels around the Internet;

# combat obnoxious script-based popups that clutter your
screen and force unwanted advertising on you.

>download here.

Microsoft Boosts Phishing Security

o enhance the protection offered by Microsoft Phishing Filter and Microsoft SmartScreen Technology, the company has roped in three new data providers, Cyota, Internet Identity and MarkMonitor. These companies will regularly provide Microsoft with information on confirmed phishing Web sites.

Microsoft Phishing Filter, introduced in July 2005, helps protect customers from phishing scams when they are browsing the Internet, and is available via the Phishing Filter Add-in for the MSN Search Toolbar, which launched in final release yesterday; and the upcoming release of Windows Internet Explorer 7 for Windows Vista, and Windows XP Service Pack 2, both currently in beta 1 testing.

The Microsoft Phishing Filter provides consumers with a dynamic online warning and protection system against phishing attacks in their browser, and a way to report possible phishing Web sites.

The phishing information provided by the phishing data providers, will also be used to help Microsoft SmartScreen Technology detect phishing scams in e-mail sent to MSN Hotmail and Windows Live Mail beta customers.

Phishing, a fast-growing class of online fraud and identity theft, often uses fake Web sites that resemble those of legitimate businesses, financial institutions or other trusted organizations, to trick victims into disclosing sensitive personal and financial information that can then be used for criminal activity. Phishing sites can often last as little as a few hours or a few days before they are shut down, making real-time browser protection critical to help effectively safeguard users.

Cyota, Internet Identity and MarkMonitor are now helping to bolster both the Microsoft Phishing Filter’s URL reputation service and SmartScreen Technology, with data feeds from their own unique sets of customers.

Cyota helps provide anti-fraud and online authentication solutions, Internet Identity helps provide early detection and rapid response de-activation of phishing attacks for clients ranging from banks and online services to credit unions, while MarkMonitor s fraud detection and response services monitor the Internet to help detect and confirm phish attacks and other online fraud on behalf of financial institutions and other corporations.

John L Scarrow, general manager - anti-spam and anti-phishing team, Microsoft Technology Care and Safety Group, said, “There is of course no silver bullet that can stop phishing, but we believe that the Microsoft Phishing Filter and SmartScreen Technology, when armed with continuously updated data from both great partners and our own users, can help make a significant difference for our customers worldwide. We are excited to be working with leading companies like Cyota, Internet Identity and MarkMonitor, to better protect our MSN and Windows Live and Windows customers, and help them feel more confident in their online safety.”

Although recent industry reports indicate that the spam problem may be on the decline worldwide, the threat of phishing continues to rise and has increased more than six-fold in the past year.

Thunderbird reclaim your inbox

Thunderbird makes emailing safer, faster, and easier than ever before with the industry’s best implementations of features such as intelligent spam filters, built-in RSS reader, quick search, and much more.

Smartest Way to Stop Junk Mail
Thunderbird provides the most effective tools for detecting junk mail. Our tools analyze your e-mail and identify those that are most likely to be junk. You can automatically have your junk mail deleted or you can put it in a folder you specify, just in case you like reading junk mail.
Your Mail, Your Way
View your e-mail the way you want it. Access your e-mail with Thunderbird’s new three-column view. Customize your toolbar, change its look with themes, and use Mail Views to quickly sort through your e-mail.
Safe and Secure
Thunderbird provides enterprise and government grade security features such as S/MIME, digital signing, message encryption, support for certificates and security devices.
Packed with Features
Thunderbird gives you IMAP/POP support, a built-in RSS reader, support for HTML mail, powerful quick search, saved search folders, advanced message filtering, message grouping, labels, return receipts, smart address book LDAP address completion, import tools, and the ability to manage multiple e-mail and newsgroup accounts.
Unlimited Features
Thunderbird lets you add additional features as you need them through extensions. Extensions are a powerful tool to help you build a mail client that meets your specific needs.

Beware of spyware. If you can, use the Firefox browser.

The wait is over. Firefox empowers you to browse faster, more safely and more efficiently than with any other browser. Join more than 100 million others and make the switch today — Firefox imports your Favorites, settings and other information, so you have nothing to lose.

Popup Blocking
Stop annoying popup ads in their tracks with Firefox’s built in popup blocker.
Tabbed Browsing
View more than one web page in a single window with this time saving feature. Open links in the background so that they’re ready for viewing when you’re ready to read them.
Privacy and Security
Built with your security in mind, Firefox keeps your computer safe from malicious spyware by not loading harmful ActiveX controls. A comprehensive set of privacy tools keep your online activity your business.
Smarter Search
Google Search is built right into the toolbar, and there is a plethora of other search tools including Smart Keywords (type “dict ” in the Location bar), and the new Find bar (which finds text as you type without covering up anything).
Live Bookmarks
RSS integration lets you read the latest news headlines and read updates to your favorite sites that are syndicated.
Hassle-Free Downloading
Files you download are automatically saved to your Desktop so they’re easy to find. Fewer prompts mean files download quicker.
Fits Like a Glove
Simple and intuitive, yet fully featured, Firefox has all the functions you’re used to - Bookmarks, History, Full Screen, Text Zooming to make pages with small text easier to read, etc.
S, M, L or XL—It’s Your Choice
Firefox is the most customizable browser on the planet. Customize your toolbars to add additional buttons, install new Extensions that add new features, add new Themes to browse with style, and use the adaptive search system to allow you to search an infinite number of engines. Firefox is as big or small as you want.
Setup’s a Snap
At only 4.7MB (Windows), Firefox takes just a few minutes to download over a slow connection and seconds over a fast connection. The installer gets you set up quickly, and the new Easy Transition system imports all of your settings - Favorites, passwords and other data from Internet Explorer and other browsers - so you can start surfing right away.
Read Mail—Not Spam
Thunderbird is the perfect complement to Firefox.